Introduction to Biometrics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #15 Biometrics Applications - I October 17, 2005 Outline Types of Applications Example Government Applications Grouping of Applications Plan for next few lectures References Course Text Book, Chapter 10 http://www.biometricgroup.com/applications.html http://www.biometrics.org/REPORTS/CTSTG96/ Types of Applications Identification Systems - Biometrics are increasingly integrated into large-scale systems for drivers’ licensing, surveillance, health and identity cards, and benefits issuance. - The need for singular identification and transactional verification has emerged in various public and private sector environments. IT/Network Security - As more and more valuable information is made accessible to employees via LAN and WAN, the risks associated with unauthorized access to sensitive data grow larger. - Protecting your network with passwords is problematic, as passwords are easily compromised, lost, or inappropriately shared. Types of Applications (Continued) e-Commerce and Internet - Biometrics are being positioned as a solution for eCommerce and Internet security, designed to ensure that only authorized individuals can access sensitive data or execute transactions. Access Control Biometrics have proven to be an effective solution for high-security access control, ensuring that only authorized individuals can access protected or secure areas. - Biometric systems require controlled and accurate enrollment processes, careful monitoring of security settings to ensure that the risk of unauthorized entry is low, and well-designed interfaces to ensure rapid acquisition and matching - Types of Applications (Concluded) Smart Cards - Biometrics are an authentication technology; smart cards - can be a storage, processing, and/or authentication technology. In certain applications, the two technologies compete, such that an institution may deploy smart cards instead of biometrics for access control, or vice versa. Increasingly, the two technologies are deployed in conjunction, strengthening each other’s capabilities. Some Government Applications Immigration and Naturalization Service's (INS) Passenger Accelerated Service System (INSPASS) - INSPASS was designed as a means to provide prompt admission for frequent travelers to the US by allowing them to bypass the personal interview/inspection part of the entry process. It uses hand geometry to verify the identity of the traveler at an automated inspection station. CANPASS - It is the Canadian version of INSPASS, except that it uses a fingerprint biometric, rather than hand geometry, for traveler verification. The goal of CANPASS is to ease the transfer of goods and people between the US and Canada Some Government Applications (Continued) PORTPASS - It is another INS initiative similar to INSPASS except that - people in vehicles at borders are being monitored and it uses a voice recognition biometric, instead of hand geometry. PORTPASS is used at a US/Canadian vehicle border crossing and is planned for use at US/Mexican border crossings. One version of PORTPASS (the Automated Permit Port) requires the vehicle to stop. It will also have a Video Inspection Service, allowing a driver to conference with an Inspector should the biometric fail. Another version, known as the Dedicated Commuter Lane, uses a radio frequency tag affixed to the vehicle in order to obtain the biometric as the vehicle is moving. Some Government Applications (Continued) Federal Bureau of Prisons - The Federal Bureau of Prisons is using hand geometry - units to monitor the movements of prisoners, staff, and visitors within certain Federal prisons. Visitors must enroll upon arrival and are given a magnetic stripe card containing information that points to his/her identifying information in a central database. This card must be carried with the visitor at all times Staff and inmates must also enroll. Staff are enrolled to reduce the possibility of mistakenly identifying them as an inmate or for positive identification in the event of a disturbance. Prisoners are enrolled for access control to places such as the cafeteria, recreation lounges, and the hospital. The system also allows for the tracking of prisoners' movements. Some Government Applications (Continued) Automated Fingerprint Image Reporting and Match (AFIRM) - The fingerprints of new applicants for welfare benefits are checked against a central database of prior claimants. Spanish National Social Security Identification Card (TASS) - The TASS program is a smart card initiative employing fingerprint technology to eliminate enrollment duplication and provide secure access to personal information upon retrieval. The Colombian Legislature - The Colombian Legislature uses hand geometry units to confirm the identity of the members of its two assemblies immediately prior to a vote. Some Government Applications (Concluded) Some Other Applications - California, Colorado, Florida, and Texas Departments of Motor Vehicles, Government Accounting Office's Electronic Benefits Transfer (EBT) Task Force, FBI's Integrated Automated Fingerprint Identification System (IAFIS), National Crime Information Center 2000 (NCIC 2000) Other Agencies - The Defense Advanced Research Projects Agency, Drug Enforcement Agency, Department of Defense, Department of Energy, Department of Public Safety, Department of State, Federal Bureau of Investigation, Federal Reserve Bank, Hill Air Force Base, the Pentagon, and the US Mint have several biometric devices with numerous users for access control applications Grouping Biometrics Applications Three Categories of Applications (1) Logical Access Applications (2) Physical Access Applications (3) Identify or Verify the Identity of Individuals Additional Criteria for Understanding Biometric Systems In what manner does the user interact with the system? Does the use claim identity before interacting with the system? What are the applications requirements for accuracy, enrollment and response time? Is the user motivated to comply with the biometrics systems? What sanctions are in place for misuse? What is the value of the data or material protected by the system? With what non-biometrics technologies do biometrics compete? Seven Horizontal Classifications Criminal Identification - Identify or verify the identity of a suspect or criminal Retail ATM Point of Sale - Identify/verify individuals carrying out transactions E-Commerce/Telephony - Identify/verify individuals carrying out remote transactions PC/Network access - Replace passwords and PINs Seven Horizontal Classifications (Concluded) Physical access / Time Attendance - Verify identity of individuals entering and leaving the building Citizen identification - Identify and verify individual entering and leaving the building Surveillance - Verify the identity of individuals present in a given space Biometrics Solution Matrix How urgent is the authentication problem that biometrics are solving What is the scope of the authentication problem that biometrics are solving How well can biometrics solve the authentication problem? Are biometrics the only possible authentication solution? How receptive are users to biometrics as an authentication solution Groups of Applications Citizen Facing Applications - E.g., Criminal identification Employee Facing Applications - PC/Network access, Physical access Customer-facing applications - POS Transactions Plan for Remaining Lectures (Tentative) October 19, 2005: Biometrics Applications - II October 24, 2005: Guest Lecture October 26, 2005: Biometrics Applications - III October 31, 2005: Privacy I November 2, 2005: Privacy - II November 7, 2005: Standards and Interoperability - I November 9, 2005: Guest lecture November 14, 2005: Standards and Interoperability - II November 16, 2005: Secure Biometrics - I November 21, 2005: Secure Biometrics – II November 23, 2005: Review for Finals November 28, 2005: Misc. Topics, Review for Finals